Worklyne/Enterprise / Security
// Security

Security at every layer.

Encryption at rest and in transit, fine-grained access controls, customer-managed keys, and a complete, append-only audit trail.

Encryption

At rest & in transit.

AES-256 at rest. TLS 1.3 in transit. Customer-managed keys (CMEK) available on single-tenant and VPC deployments.

Access

SSO, SCIM, RBAC.

SAML and OIDC SSO. SCIM provisioning. Fine-grained role-based access at the workspace, space, and workflow level.

Audit

Every action, logged.

Append-only audit log with optional streaming to S3, GCS, or your SIEM. Tamper-evident hashing.

Hardening

Continuously tested.

Annual third-party pentests. Continuous vulnerability scanning. A public bug bounty program (HackerOne).

Identity

Zero trust by default.

Short-lived credentials, device posture checks, just-in-time elevation for sensitive actions.

Privacy

Data minimization.

Customer data is never used to train shared models. Embeddings stay in your region; you control retention.

// Disclosure

Report a vulnerability.

If you've found a security issue, email security@worklyne.com. PGP key on request. We acknowledge within 24 hours and publish a coordinated disclosure with credit.